1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18#include "tpm.h"
19#include <crypto/hash_info.h>
20#include <keys/trusted-type.h>
21
22enum tpm2_object_attributes {
23 TPM2_OA_USER_WITH_AUTH = BIT(6),
24};
25
26enum tpm2_session_attributes {
27 TPM2_SA_CONTINUE_SESSION = BIT(0),
28};
29
30struct tpm2_startup_in {
31 __be16 startup_type;
32} __packed;
33
34struct tpm2_get_tpm_pt_in {
35 __be32 cap_id;
36 __be32 property_id;
37 __be32 property_cnt;
38} __packed;
39
40struct tpm2_get_tpm_pt_out {
41 u8 more_data;
42 __be32 subcap_id;
43 __be32 property_cnt;
44 __be32 property_id;
45 __be32 value;
46} __packed;
47
48struct tpm2_get_random_in {
49 __be16 size;
50} __packed;
51
52struct tpm2_get_random_out {
53 __be16 size;
54 u8 buffer[TPM_MAX_RNG_DATA];
55} __packed;
56
57union tpm2_cmd_params {
58 struct tpm2_startup_in startup_in;
59 struct tpm2_get_tpm_pt_in get_tpm_pt_in;
60 struct tpm2_get_tpm_pt_out get_tpm_pt_out;
61 struct tpm2_get_random_in getrandom_in;
62 struct tpm2_get_random_out getrandom_out;
63};
64
65struct tpm2_cmd {
66 tpm_cmd_header header;
67 union tpm2_cmd_params params;
68} __packed;
69
70struct tpm2_hash {
71 unsigned int crypto_id;
72 unsigned int tpm_id;
73};
74
75static struct tpm2_hash tpm2_hash_map[] = {
76 {HASH_ALGO_SHA1, TPM2_ALG_SHA1},
77 {HASH_ALGO_SHA256, TPM2_ALG_SHA256},
78 {HASH_ALGO_SHA384, TPM2_ALG_SHA384},
79 {HASH_ALGO_SHA512, TPM2_ALG_SHA512},
80 {HASH_ALGO_SM3_256, TPM2_ALG_SM3_256},
81};
82
83
84
85
86
87
88
89
90
91static const u8 tpm2_ordinal_duration[TPM2_CC_LAST - TPM2_CC_FIRST + 1] = {
92 TPM_UNDEFINED,
93 TPM_UNDEFINED,
94 TPM_LONG,
95 TPM_UNDEFINED,
96 TPM_UNDEFINED,
97 TPM_UNDEFINED,
98 TPM_UNDEFINED,
99 TPM_UNDEFINED,
100 TPM_UNDEFINED,
101 TPM_UNDEFINED,
102 TPM_LONG,
103 TPM_UNDEFINED,
104 TPM_UNDEFINED,
105 TPM_UNDEFINED,
106 TPM_UNDEFINED,
107 TPM_UNDEFINED,
108 TPM_UNDEFINED,
109 TPM_UNDEFINED,
110 TPM_LONG_LONG,
111 TPM_UNDEFINED,
112 TPM_UNDEFINED,
113 TPM_UNDEFINED,
114 TPM_UNDEFINED,
115 TPM_UNDEFINED,
116 TPM_UNDEFINED,
117 TPM_UNDEFINED,
118 TPM_UNDEFINED,
119 TPM_UNDEFINED,
120 TPM_UNDEFINED,
121 TPM_UNDEFINED,
122 TPM_UNDEFINED,
123 TPM_MEDIUM,
124 TPM_UNDEFINED,
125 TPM_UNDEFINED,
126 TPM_UNDEFINED,
127 TPM_UNDEFINED,
128 TPM_LONG,
129 TPM_MEDIUM,
130 TPM_UNDEFINED,
131 TPM_UNDEFINED,
132 TPM_UNDEFINED,
133 TPM_UNDEFINED,
134 TPM_UNDEFINED,
135 TPM_UNDEFINED,
136 TPM_UNDEFINED,
137 TPM_UNDEFINED,
138 TPM_UNDEFINED,
139 TPM_LONG,
140 TPM_UNDEFINED,
141 TPM_UNDEFINED,
142 TPM_UNDEFINED,
143 TPM_UNDEFINED,
144 TPM_LONG_LONG,
145 TPM_UNDEFINED,
146 TPM_UNDEFINED,
147 TPM_UNDEFINED,
148 TPM_UNDEFINED,
149 TPM_UNDEFINED,
150 TPM_UNDEFINED,
151 TPM_UNDEFINED,
152 TPM_UNDEFINED,
153 TPM_MEDIUM,
154 TPM_UNDEFINED,
155 TPM_UNDEFINED,
156 TPM_UNDEFINED,
157 TPM_UNDEFINED,
158 TPM_UNDEFINED,
159 TPM_UNDEFINED,
160 TPM_UNDEFINED,
161 TPM_UNDEFINED,
162 TPM_UNDEFINED,
163 TPM_UNDEFINED,
164 TPM_UNDEFINED,
165 TPM_UNDEFINED,
166 TPM_UNDEFINED,
167 TPM_UNDEFINED,
168 TPM_UNDEFINED,
169 TPM_UNDEFINED,
170 TPM_UNDEFINED,
171 TPM_UNDEFINED,
172 TPM_UNDEFINED,
173 TPM_UNDEFINED,
174 TPM_UNDEFINED,
175 TPM_UNDEFINED,
176 TPM_UNDEFINED,
177 TPM_UNDEFINED,
178 TPM_UNDEFINED,
179 TPM_UNDEFINED,
180 TPM_LONG,
181 TPM_UNDEFINED,
182 TPM_UNDEFINED,
183 TPM_MEDIUM,
184 TPM_LONG,
185 TPM_UNDEFINED,
186 TPM_UNDEFINED,
187 TPM_UNDEFINED,
188 TPM_UNDEFINED,
189 TPM_UNDEFINED,
190 TPM_UNDEFINED,
191 TPM_MEDIUM,
192 TPM_UNDEFINED,
193 TPM_UNDEFINED,
194 TPM_MEDIUM,
195 TPM_MEDIUM,
196 TPM_UNDEFINED,
197 TPM_UNDEFINED,
198 TPM_UNDEFINED,
199 TPM_UNDEFINED,
200 TPM_UNDEFINED,
201 TPM_UNDEFINED,
202 TPM_UNDEFINED,
203 TPM_UNDEFINED,
204 TPM_UNDEFINED
205};
206
207struct tpm2_pcr_read_out {
208 __be32 update_cnt;
209 __be32 pcr_selects_cnt;
210 __be16 hash_alg;
211 u8 pcr_select_size;
212 u8 pcr_select[TPM2_PCR_SELECT_MIN];
213 __be32 digests_cnt;
214 __be16 digest_size;
215 u8 digest[];
216} __packed;
217
218
219
220
221
222
223
224
225
226int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
227{
228 int rc;
229 struct tpm_buf buf;
230 struct tpm2_pcr_read_out *out;
231 u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0};
232
233 if (pcr_idx >= TPM2_PLATFORM_PCR)
234 return -EINVAL;
235
236 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ);
237 if (rc)
238 return rc;
239
240 pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7);
241
242 tpm_buf_append_u32(&buf, 1);
243 tpm_buf_append_u16(&buf, TPM2_ALG_SHA1);
244 tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN);
245 tpm_buf_append(&buf, (const unsigned char *)pcr_select,
246 sizeof(pcr_select));
247
248 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0,
249 res_buf ? "attempting to read a pcr value" : NULL);
250 if (rc == 0 && res_buf) {
251 out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE];
252 memcpy(res_buf, out->digest, SHA1_DIGEST_SIZE);
253 }
254
255 tpm_buf_destroy(&buf);
256 return rc;
257}
258
259struct tpm2_null_auth_area {
260 __be32 handle;
261 __be16 nonce_size;
262 u8 attributes;
263 __be16 auth_size;
264} __packed;
265
266
267
268
269
270
271
272
273
274
275
276int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count,
277 struct tpm2_digest *digests)
278{
279 struct tpm_buf buf;
280 struct tpm2_null_auth_area auth_area;
281 int rc;
282 int i;
283 int j;
284
285 if (count > ARRAY_SIZE(chip->active_banks))
286 return -EINVAL;
287
288 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
289 if (rc)
290 return rc;
291
292 tpm_buf_append_u32(&buf, pcr_idx);
293
294 auth_area.handle = cpu_to_be32(TPM2_RS_PW);
295 auth_area.nonce_size = 0;
296 auth_area.attributes = 0;
297 auth_area.auth_size = 0;
298
299 tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area));
300 tpm_buf_append(&buf, (const unsigned char *)&auth_area,
301 sizeof(auth_area));
302 tpm_buf_append_u32(&buf, count);
303
304 for (i = 0; i < count; i++) {
305 for (j = 0; j < ARRAY_SIZE(tpm2_hash_map); j++) {
306 if (digests[i].alg_id != tpm2_hash_map[j].tpm_id)
307 continue;
308 tpm_buf_append_u16(&buf, digests[i].alg_id);
309 tpm_buf_append(&buf, (const unsigned char
310 *)&digests[i].digest,
311 hash_digest_size[tpm2_hash_map[j].crypto_id]);
312 }
313 }
314
315 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0,
316 "attempting extend a PCR value");
317
318 tpm_buf_destroy(&buf);
319
320 return rc;
321}
322
323
324#define TPM2_GETRANDOM_IN_SIZE \
325 (sizeof(struct tpm_input_header) + \
326 sizeof(struct tpm2_get_random_in))
327
328static const struct tpm_input_header tpm2_getrandom_header = {
329 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
330 .length = cpu_to_be32(TPM2_GETRANDOM_IN_SIZE),
331 .ordinal = cpu_to_be32(TPM2_CC_GET_RANDOM)
332};
333
334
335
336
337
338
339
340
341
342
343
344int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max)
345{
346 struct tpm2_cmd cmd;
347 u32 recd, rlength;
348 u32 num_bytes;
349 int err;
350 int total = 0;
351 int retries = 5;
352 u8 *dest = out;
353
354 num_bytes = min_t(u32, max, sizeof(cmd.params.getrandom_out.buffer));
355
356 if (!out || !num_bytes ||
357 max > sizeof(cmd.params.getrandom_out.buffer))
358 return -EINVAL;
359
360 do {
361 cmd.header.in = tpm2_getrandom_header;
362 cmd.params.getrandom_in.size = cpu_to_be16(num_bytes);
363
364 err = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd),
365 offsetof(struct tpm2_get_random_out,
366 buffer),
367 0, "attempting get random");
368 if (err)
369 break;
370
371 recd = min_t(u32, be16_to_cpu(cmd.params.getrandom_out.size),
372 num_bytes);
373 rlength = be32_to_cpu(cmd.header.out.length);
374 if (rlength < offsetof(struct tpm2_get_random_out, buffer) +
375 recd)
376 return -EFAULT;
377 memcpy(dest, cmd.params.getrandom_out.buffer, recd);
378
379 dest += recd;
380 total += recd;
381 num_bytes -= recd;
382 } while (retries-- && total < max);
383
384 return total ? total : -EIO;
385}
386
387#define TPM2_GET_TPM_PT_IN_SIZE \
388 (sizeof(struct tpm_input_header) + \
389 sizeof(struct tpm2_get_tpm_pt_in))
390
391#define TPM2_GET_TPM_PT_OUT_BODY_SIZE \
392 sizeof(struct tpm2_get_tpm_pt_out)
393
394static const struct tpm_input_header tpm2_get_tpm_pt_header = {
395 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
396 .length = cpu_to_be32(TPM2_GET_TPM_PT_IN_SIZE),
397 .ordinal = cpu_to_be32(TPM2_CC_GET_CAPABILITY)
398};
399
400
401
402
403
404
405
406
407
408void tpm2_flush_context_cmd(struct tpm_chip *chip, u32 handle,
409 unsigned int flags)
410{
411 struct tpm_buf buf;
412 int rc;
413
414 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT);
415 if (rc) {
416 dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n",
417 handle);
418 return;
419 }
420
421 tpm_buf_append_u32(&buf, handle);
422
423 (void) tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, flags,
424 "flushing context");
425
426 tpm_buf_destroy(&buf);
427}
428
429
430
431
432
433
434
435
436
437
438
439
440static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle,
441 const u8 *nonce, u16 nonce_len,
442 u8 attributes,
443 const u8 *hmac, u16 hmac_len)
444{
445 tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len);
446 tpm_buf_append_u32(buf, session_handle);
447 tpm_buf_append_u16(buf, nonce_len);
448
449 if (nonce && nonce_len)
450 tpm_buf_append(buf, nonce, nonce_len);
451
452 tpm_buf_append_u8(buf, attributes);
453 tpm_buf_append_u16(buf, hmac_len);
454
455 if (hmac && hmac_len)
456 tpm_buf_append(buf, hmac, hmac_len);
457}
458
459
460
461
462
463
464
465
466
467
468int tpm2_seal_trusted(struct tpm_chip *chip,
469 struct trusted_key_payload *payload,
470 struct trusted_key_options *options)
471{
472 unsigned int blob_len;
473 struct tpm_buf buf;
474 u32 hash, rlength;
475 int i;
476 int rc;
477
478 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
479 if (options->hash == tpm2_hash_map[i].crypto_id) {
480 hash = tpm2_hash_map[i].tpm_id;
481 break;
482 }
483 }
484
485 if (i == ARRAY_SIZE(tpm2_hash_map))
486 return -EINVAL;
487
488 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
489 if (rc)
490 return rc;
491
492 tpm_buf_append_u32(&buf, options->keyhandle);
493 tpm2_buf_append_auth(&buf, TPM2_RS_PW,
494 NULL , 0,
495 0 ,
496 options->keyauth ,
497 TPM_DIGEST_SIZE);
498
499
500 tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1);
501
502 tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE);
503 tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE);
504 tpm_buf_append_u16(&buf, payload->key_len + 1);
505 tpm_buf_append(&buf, payload->key, payload->key_len);
506 tpm_buf_append_u8(&buf, payload->migratable);
507
508
509 tpm_buf_append_u16(&buf, 14 + options->policydigest_len);
510 tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH);
511 tpm_buf_append_u16(&buf, hash);
512
513
514 if (options->policydigest_len) {
515 tpm_buf_append_u32(&buf, 0);
516 tpm_buf_append_u16(&buf, options->policydigest_len);
517 tpm_buf_append(&buf, options->policydigest,
518 options->policydigest_len);
519 } else {
520 tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH);
521 tpm_buf_append_u16(&buf, 0);
522 }
523
524
525 tpm_buf_append_u16(&buf, TPM2_ALG_NULL);
526 tpm_buf_append_u16(&buf, 0);
527
528
529 tpm_buf_append_u16(&buf, 0);
530
531
532 tpm_buf_append_u32(&buf, 0);
533
534 if (buf.flags & TPM_BUF_OVERFLOW) {
535 rc = -E2BIG;
536 goto out;
537 }
538
539 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 4, 0,
540 "sealing data");
541 if (rc)
542 goto out;
543
544 blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]);
545 if (blob_len > MAX_BLOB_SIZE) {
546 rc = -E2BIG;
547 goto out;
548 }
549 rlength = be32_to_cpu(((struct tpm2_cmd *)&buf)->header.out.length);
550 if (rlength < TPM_HEADER_SIZE + 4 + blob_len) {
551 rc = -EFAULT;
552 goto out;
553 }
554
555 memcpy(payload->blob, &buf.data[TPM_HEADER_SIZE + 4], blob_len);
556 payload->blob_len = blob_len;
557
558out:
559 tpm_buf_destroy(&buf);
560
561 if (rc > 0) {
562 if (tpm2_rc_value(rc) == TPM2_RC_HASH)
563 rc = -EINVAL;
564 else
565 rc = -EPERM;
566 }
567
568 return rc;
569}
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585static int tpm2_load_cmd(struct tpm_chip *chip,
586 struct trusted_key_payload *payload,
587 struct trusted_key_options *options,
588 u32 *blob_handle, unsigned int flags)
589{
590 struct tpm_buf buf;
591 unsigned int private_len;
592 unsigned int public_len;
593 unsigned int blob_len;
594 int rc;
595
596 private_len = be16_to_cpup((__be16 *) &payload->blob[0]);
597 if (private_len > (payload->blob_len - 2))
598 return -E2BIG;
599
600 public_len = be16_to_cpup((__be16 *) &payload->blob[2 + private_len]);
601 blob_len = private_len + public_len + 4;
602 if (blob_len > payload->blob_len)
603 return -E2BIG;
604
605 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD);
606 if (rc)
607 return rc;
608
609 tpm_buf_append_u32(&buf, options->keyhandle);
610 tpm2_buf_append_auth(&buf, TPM2_RS_PW,
611 NULL , 0,
612 0 ,
613 options->keyauth ,
614 TPM_DIGEST_SIZE);
615
616 tpm_buf_append(&buf, payload->blob, blob_len);
617
618 if (buf.flags & TPM_BUF_OVERFLOW) {
619 rc = -E2BIG;
620 goto out;
621 }
622
623 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 4, flags,
624 "loading blob");
625 if (!rc)
626 *blob_handle = be32_to_cpup(
627 (__be32 *) &buf.data[TPM_HEADER_SIZE]);
628
629out:
630 tpm_buf_destroy(&buf);
631
632 if (rc > 0)
633 rc = -EPERM;
634
635 return rc;
636}
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651static int tpm2_unseal_cmd(struct tpm_chip *chip,
652 struct trusted_key_payload *payload,
653 struct trusted_key_options *options,
654 u32 blob_handle, unsigned int flags)
655{
656 struct tpm_buf buf;
657 u16 data_len;
658 u8 *data;
659 int rc;
660 u32 rlength;
661
662 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL);
663 if (rc)
664 return rc;
665
666 tpm_buf_append_u32(&buf, blob_handle);
667 tpm2_buf_append_auth(&buf,
668 options->policyhandle ?
669 options->policyhandle : TPM2_RS_PW,
670 NULL , 0,
671 TPM2_SA_CONTINUE_SESSION,
672 options->blobauth ,
673 TPM_DIGEST_SIZE);
674
675 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 6, flags,
676 "unsealing");
677 if (rc > 0)
678 rc = -EPERM;
679
680 if (!rc) {
681 data_len = be16_to_cpup(
682 (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]);
683 if (data_len < MIN_KEY_SIZE || data_len > MAX_KEY_SIZE + 1) {
684 rc = -EFAULT;
685 goto out;
686 }
687
688 rlength = be32_to_cpu(((struct tpm2_cmd *)&buf)
689 ->header.out.length);
690 if (rlength < TPM_HEADER_SIZE + 6 + data_len) {
691 rc = -EFAULT;
692 goto out;
693 }
694 data = &buf.data[TPM_HEADER_SIZE + 6];
695
696 memcpy(payload->key, data, data_len - 1);
697 payload->key_len = data_len - 1;
698 payload->migratable = data[data_len - 1];
699 }
700
701out:
702 tpm_buf_destroy(&buf);
703 return rc;
704}
705
706
707
708
709
710
711
712
713
714
715int tpm2_unseal_trusted(struct tpm_chip *chip,
716 struct trusted_key_payload *payload,
717 struct trusted_key_options *options)
718{
719 u32 blob_handle;
720 int rc;
721
722 mutex_lock(&chip->tpm_mutex);
723 rc = tpm2_load_cmd(chip, payload, options, &blob_handle,
724 TPM_TRANSMIT_UNLOCKED);
725 if (rc)
726 goto out;
727
728 rc = tpm2_unseal_cmd(chip, payload, options, blob_handle,
729 TPM_TRANSMIT_UNLOCKED);
730 tpm2_flush_context_cmd(chip, blob_handle, TPM_TRANSMIT_UNLOCKED);
731out:
732 mutex_unlock(&chip->tpm_mutex);
733 return rc;
734}
735
736
737
738
739
740
741
742
743
744
745ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value,
746 const char *desc)
747{
748 struct tpm2_cmd cmd;
749 int rc;
750
751 cmd.header.in = tpm2_get_tpm_pt_header;
752 cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES);
753 cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(property_id);
754 cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1);
755
756 rc = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd),
757 TPM2_GET_TPM_PT_OUT_BODY_SIZE, 0, desc);
758 if (!rc)
759 *value = be32_to_cpu(cmd.params.get_tpm_pt_out.value);
760
761 return rc;
762}
763EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt);
764
765#define TPM2_SHUTDOWN_IN_SIZE \
766 (sizeof(struct tpm_input_header) + \
767 sizeof(struct tpm2_startup_in))
768
769static const struct tpm_input_header tpm2_shutdown_header = {
770 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
771 .length = cpu_to_be32(TPM2_SHUTDOWN_IN_SIZE),
772 .ordinal = cpu_to_be32(TPM2_CC_SHUTDOWN)
773};
774
775
776
777
778
779
780
781
782void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type)
783{
784 struct tpm2_cmd cmd;
785 int rc;
786
787 cmd.header.in = tpm2_shutdown_header;
788 cmd.params.startup_in.startup_type = cpu_to_be16(shutdown_type);
789
790 rc = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), 0, 0,
791 "stopping the TPM");
792
793
794
795
796 if (rc < 0 && rc != -EPIPE)
797 dev_warn(&chip->dev, "transmit returned %d while stopping the TPM",
798 rc);
799}
800
801
802
803
804
805
806
807
808
809unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
810{
811 int index = TPM_UNDEFINED;
812 int duration = 0;
813
814 if (ordinal >= TPM2_CC_FIRST && ordinal <= TPM2_CC_LAST)
815 index = tpm2_ordinal_duration[ordinal - TPM2_CC_FIRST];
816
817 if (index != TPM_UNDEFINED)
818 duration = chip->duration[index];
819
820 if (duration <= 0)
821 duration = msecs_to_jiffies(TPM2_DURATION_DEFAULT);
822
823 return duration;
824}
825EXPORT_SYMBOL_GPL(tpm2_calc_ordinal_duration);
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840static int tpm2_do_selftest(struct tpm_chip *chip)
841{
842 struct tpm_buf buf;
843 int full;
844 int rc;
845
846 for (full = 0; full < 2; full++) {
847 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SELF_TEST);
848 if (rc)
849 return rc;
850
851 tpm_buf_append_u8(&buf, full);
852 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0,
853 "attempting the self test");
854 tpm_buf_destroy(&buf);
855
856 if (rc == TPM2_RC_TESTING)
857 rc = TPM2_RC_SUCCESS;
858 if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS)
859 return rc;
860 }
861
862 return rc;
863}
864
865
866
867
868
869
870
871
872
873
874int tpm2_probe(struct tpm_chip *chip)
875{
876 struct tpm2_cmd cmd;
877 int rc;
878
879 cmd.header.in = tpm2_get_tpm_pt_header;
880 cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES);
881 cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(0x100);
882 cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1);
883
884 rc = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), 0, 0, NULL);
885 if (rc < 0)
886 return rc;
887
888 if (be16_to_cpu(cmd.header.out.tag) == TPM2_ST_NO_SESSIONS)
889 chip->flags |= TPM_CHIP_FLAG_TPM2;
890
891 return 0;
892}
893EXPORT_SYMBOL_GPL(tpm2_probe);
894
895struct tpm2_pcr_selection {
896 __be16 hash_alg;
897 u8 size_of_select;
898 u8 pcr_select[3];
899} __packed;
900
901static ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
902{
903 struct tpm2_pcr_selection pcr_selection;
904 struct tpm_buf buf;
905 void *marker;
906 void *end;
907 void *pcr_select_offset;
908 unsigned int count;
909 u32 sizeof_pcr_selection;
910 u32 rsp_len;
911 int rc;
912 int i = 0;
913
914 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
915 if (rc)
916 return rc;
917
918 tpm_buf_append_u32(&buf, TPM2_CAP_PCRS);
919 tpm_buf_append_u32(&buf, 0);
920 tpm_buf_append_u32(&buf, 1);
921
922 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 9, 0,
923 "get tpm pcr allocation");
924 if (rc)
925 goto out;
926
927 count = be32_to_cpup(
928 (__be32 *)&buf.data[TPM_HEADER_SIZE + 5]);
929
930 if (count > ARRAY_SIZE(chip->active_banks)) {
931 rc = -ENODEV;
932 goto out;
933 }
934
935 marker = &buf.data[TPM_HEADER_SIZE + 9];
936
937 rsp_len = be32_to_cpup((__be32 *)&buf.data[2]);
938 end = &buf.data[rsp_len];
939
940 for (i = 0; i < count; i++) {
941 pcr_select_offset = marker +
942 offsetof(struct tpm2_pcr_selection, size_of_select);
943 if (pcr_select_offset >= end) {
944 rc = -EFAULT;
945 break;
946 }
947
948 memcpy(&pcr_selection, marker, sizeof(pcr_selection));
949 chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg);
950 sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) +
951 sizeof(pcr_selection.size_of_select) +
952 pcr_selection.size_of_select;
953 marker = marker + sizeof_pcr_selection;
954 }
955
956out:
957 if (i < ARRAY_SIZE(chip->active_banks))
958 chip->active_banks[i] = TPM2_ALG_ERROR;
959
960 tpm_buf_destroy(&buf);
961
962 return rc;
963}
964
965static int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip)
966{
967 struct tpm_buf buf;
968 u32 nr_commands;
969 __be32 *attrs;
970 u32 cc;
971 int i;
972 int rc;
973
974 rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands, NULL);
975 if (rc)
976 goto out;
977
978 if (nr_commands > 0xFFFFF) {
979 rc = -EFAULT;
980 goto out;
981 }
982
983 chip->cc_attrs_tbl = devm_kcalloc(&chip->dev, 4, nr_commands,
984 GFP_KERNEL);
985
986 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
987 if (rc)
988 goto out;
989
990 tpm_buf_append_u32(&buf, TPM2_CAP_COMMANDS);
991 tpm_buf_append_u32(&buf, TPM2_CC_FIRST);
992 tpm_buf_append_u32(&buf, nr_commands);
993
994 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE,
995 9 + 4 * nr_commands, 0, NULL);
996 if (rc) {
997 tpm_buf_destroy(&buf);
998 goto out;
999 }
1000
1001 if (nr_commands !=
1002 be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE + 5])) {
1003 tpm_buf_destroy(&buf);
1004 goto out;
1005 }
1006
1007 chip->nr_commands = nr_commands;
1008
1009 attrs = (__be32 *)&buf.data[TPM_HEADER_SIZE + 9];
1010 for (i = 0; i < nr_commands; i++, attrs++) {
1011 chip->cc_attrs_tbl[i] = be32_to_cpup(attrs);
1012 cc = chip->cc_attrs_tbl[i] & 0xFFFF;
1013
1014 if (cc == TPM2_CC_CONTEXT_SAVE || cc == TPM2_CC_FLUSH_CONTEXT) {
1015 chip->cc_attrs_tbl[i] &=
1016 ~(GENMASK(2, 0) << TPM2_CC_ATTR_CHANDLES);
1017 chip->cc_attrs_tbl[i] |= 1 << TPM2_CC_ATTR_CHANDLES;
1018 }
1019 }
1020
1021 tpm_buf_destroy(&buf);
1022
1023out:
1024 if (rc > 0)
1025 rc = -ENODEV;
1026 return rc;
1027}
1028
1029
1030
1031
1032
1033
1034
1035
1036int tpm2_auto_startup(struct tpm_chip *chip)
1037{
1038 int rc;
1039
1040 rc = tpm_get_timeouts(chip);
1041 if (rc)
1042 goto out;
1043
1044 rc = tpm2_do_selftest(chip);
1045 if (rc && rc != TPM2_RC_INITIALIZE)
1046 goto out;
1047
1048 if (rc == TPM2_RC_INITIALIZE) {
1049 rc = tpm_startup(chip);
1050 if (rc)
1051 goto out;
1052
1053 rc = tpm2_do_selftest(chip);
1054 if (rc)
1055 goto out;
1056 }
1057
1058 rc = tpm2_get_pcr_allocation(chip);
1059 if (rc)
1060 goto out;
1061
1062 rc = tpm2_get_cc_attrs_tbl(chip);
1063
1064out:
1065 if (rc > 0)
1066 rc = -ENODEV;
1067 return rc;
1068}
1069
1070int tpm2_find_cc(struct tpm_chip *chip, u32 cc)
1071{
1072 int i;
1073
1074 for (i = 0; i < chip->nr_commands; i++)
1075 if (cc == (chip->cc_attrs_tbl[i] & GENMASK(15, 0)))
1076 return i;
1077
1078 return -1;
1079}
1080
